State Street is a leading provider of financial services to institutional investors around the world.
Who we are looking for
This position is part of the Technology Risk Management team, a First Line of Defense function responsible for driving effective technology risk management at State Street. As part of the business aligned Technology Risk team, candidate will be responsible for contributing to and implementing processes that support State Street’s technology risk management and information security functions within Alpha and Charles River Development.
Why this role is important to us
The team you will be joining is a part of a global, cross-divisional group supporting State Street AlphaSM.
State Street AlphaSM redefines the common definition of ‘alpha’ to mean powering better performance and outcomes at every point on the investment lifecycle and is the first open platform from a single provider that connects the front, middle and back office. It harmonizes data, technology and services across trusted providers to help our clients better manage their businesses.
Join us if making your mark in an ever-changing, increasingly complex and competitive industry is a challenge you are up for.
What you will be responsible for
As part of the Technology Risk team, you will
- Provide governance and ongoing support to the business across the IT risk management activities – risk identification, risk assessment, risk measurement, risk mitigation and risk monitoring & reporting in accordance with corporate policies and applicable frameworks.
- Support the evolution of first-line testing and assurance standards and best-practices across all IT business units
- Facilitate and drive reviews of controls associated with IT functions, including those required for compliance with industry standards (e.g., SOC2, NIST, ISO2700), raising observations for formal management review, and advising recommendations for improvement.
- Support the business with end-to-end issues management reporting and analysis and ensure tasks are completed timely based on issue life cycle.
- Review and challenge of exceptions against technology control objectives, and governance of IT control deviations and gaps to ensure risks are in line with risk appetite
- Assist with the preparation and support external reviews, including audit events and/or regulatory examinations.
- Actively lead, advise and participate in technology risk remediation projects
- Work with Corporate Compliance to ensure business is aligned with the IT and Continuity regulations program
- Work collaboratively with the second and third lines of defense and other risk management functions across the organization and champion the day-to-day operations, continuous improvement and governance of the risk environment.
- Support the review and reporting of technology risk and compliance information for measurement, analysis, and senior management communications, as directed
What we value
These skills will help you succeed in this role
- Ability to manage complexity, to effectively prioritize multiple tasks and work independently in non-routine situations.
- Strong analytical, interpersonal, organizational, research, and communication (verbal and written) skills.
- Good understanding and knowledge of IT infrastructure, systems, processes and emerging technologies such as cloud, converged infrastructure etc.
- Foundational understanding risk management tools (Material Risk Identification, Risk and Control Self Assessments, Key Risk Indicator Methodology and, Loss Event data)
- Ability to translate technical issues into risk terms that business can understand
- Professional curiosity and willingness to learn new technologies and processes.
Education & Preferred Qualifications
- University degree in information systems, computer science, or related field
- Knowledge of industry Risk and Control frameworks (COSO, COBIT, ITIL, NIST, ISO, etc.)
- Knowledge of Cloud regulation and cloud security frameworks a plus
- Experience with Microsoft Tools, Archer platform, Open Pages, Tableau, SharePoint
- Technical certifications preferred e.g., CISM, CRISC, CISSP
- Technology Risk, IT Audit, IT Assurance experience; Financial services experience a plus
About State Street
What we do. State Street is one of the largest custodian banks, asset managers and asset intelligence companies in the world. From technology to product innovation, we’re making our mark on the financial services industry. For more than two centuries, we’ve been helping our clients safeguard and steward the investments of millions of people. We provide investment servicing, data & analytics, investment research & trading and investment management to institutional clients.
Work, Live and Grow. We make all efforts to create a great work environment. Our benefits packages are competitive and comprehensive. Details vary by location, but you may expect generous medical care, insurance and savings plans, among other perks. You’ll have access to flexible Work Programs to help you match your needs. And our wealth of development programs and educational support will help you reach your full potential.
Inclusion, Diversity and Social Responsibility. We truly believe our employees’ diverse backgrounds, experiences and perspectives are a powerful contributor to creating an inclusive environment where everyone can thrive and reach their maximum potential while adding value to both our organization and our clients. We warmly welcome candidates of diverse origin, background, ability, age, sexual orientation, gender identity and personality. Another fundamental value at State Street is active engagement with our communities around the world, both as a partner and a leader. You will have tools to help balance your professional and personal life, paid volunteer days, matching gift programs and access to employee networks that help you stay connected to what matters to you.
State Street is an equal opportunity and affirmative action employer.
Discover more at StateStreet.com/careers
COVID-19 Protocols: Complying with State Street’s COVID-19 protocols is a condition of employment. Those requirements may vary depending on circumstances and legal requirements, and may include, without limitation, a requirement to be vaccinated (or have an accommodation), to disclose vaccination status, to provide evidence of vaccination status, etc.